package alpine.auth;

import alpine.model.LdapUser;
import alpine.model.ManagedUser;
import alpine.persistence.AlpineQueryManager;
import java.security.Principal;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.ws.rs.core.HttpHeaders;
import org.glassfish.jersey.server.ContainerRequest;

/* loaded from: input_file:alpine/auth/JwtAuthenticationService.class */
public class JwtAuthenticationService implements AuthenticationService {
    private String bearer;

    public JwtAuthenticationService(ContainerRequest containerRequest) {
        this.bearer = null;
        this.bearer = getAuthorizationToken(containerRequest);
    }

    @Override // alpine.auth.AuthenticationService
    public boolean isSpecified() {
        return this.bearer != null;
    }

    @Override // alpine.auth.AuthenticationService
    public Principal authenticate() throws AuthenticationException {
        KeyManager keyManager = KeyManager.getInstance();
        if (this.bearer == null) {
            return null;
        }
        JsonWebToken jsonWebToken = new JsonWebToken(keyManager.getSecretKey());
        if (!jsonWebToken.validateToken(this.bearer)) {
            return null;
        }
        AlpineQueryManager alpineQueryManager = new AlpineQueryManager();
        Throwable th = null;
        try {
            if (jsonWebToken.getSubject() == null || jsonWebToken.getExpiration() == null) {
                throw new AuthenticationException("Token does not contain a valid subject or expiration");
            }
            ManagedUser managedUser = alpineQueryManager.getManagedUser(jsonWebToken.getSubject());
            if (managedUser != null) {
                return managedUser.isSuspended() ? null : managedUser;
            }
            LdapUser ldapUser = alpineQueryManager.getLdapUser(jsonWebToken.getSubject());
            if (ldapUser != null) {
                if (alpineQueryManager != null) {
                    if (0 != 0) {
                        try {
                            alpineQueryManager.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        alpineQueryManager.close();
                    }
                }
                return ldapUser;
            }
            if (alpineQueryManager == null) {
                return null;
            }
            if (0 == 0) {
                alpineQueryManager.close();
                return null;
            }
            try {
                alpineQueryManager.close();
                return null;
            } catch (Throwable th3) {
                th.addSuppressed(th3);
                return null;
            }
        } finally {
            if (alpineQueryManager != null) {
                if (0 != 0) {
                    try {
                        alpineQueryManager.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    alpineQueryManager.close();
                }
            }
        }
    }

    private String getAuthorizationToken(HttpHeaders httpHeaders) {
        String str;
        List requestHeader = httpHeaders.getRequestHeader("Authorization");
        if (requestHeader == null || (str = (String) requestHeader.get(0)) == null) {
            return null;
        }
        return str.substring("Bearer ".length());
    }
}
